amq | MQ 简称 , 是一个极轻量化 , 依赖极度少的 MQ 消息系统

I have a rabbitmq cluster with 3 nodes. One node has a durable and non-mirrored classic queue named test-queue.

I have a spring boot app using spring-AMQP default connection factory new CachingConnectionFactory() to firstly ensure the queue exists and then subscribe its messages. Everything works fine

Then I started a rolling update to the rabbitmq cluster, where node was being restarted one by one.

I observed following during this process from the log:

Upon start I saw below output

I've got two EC2 instances running Artemis in the master-slave replication setup and I always perform rolling upgrade by shutting down the slave, upgrading it and starting it again. Then I do the same with the master. This no longer works for me while upgrading from 2.17 to 2.18. After upgrading one of the nodes I always get this message on that node:

We are building an app based on Red Hat JBoss AMQ 6. We wrap some Java code around the base image to provide extra functionalities which are lacking in AMQ 6.

Now, when the CVE of Log4j stroke, we found that this component is vulnerable because it uses log4j 1.x. Now I don't just mean our Java code uses it, but also the base image of Red Hat AMQ 6 uses it. As AMQ 6 is EOL now, Red Hat does not provide support anymore, so there will not be official releases with fix.

So, how do I remove vulnerable log4j 1.x classes from:

• my Java code
• the base image

?

I am building with jib maven plugin.

It seems mvn dependency:tree only gives info about our Java wrapper code, not about the base image. And I don't understand what does the "+" and "-" mean while it gives output like this:

When I run my mocha tests in debug mode, Node.js debugger has a default value used as the --inspect-brk= value. Without specifying it in the script, my test script looks like that

We have been using spring integration core and spring integration amqp along with rabbitm-mq for a long time now. Our services also used dead lettering mechanism by using x-death header and amaqp-expiration header It used to work fine until now when we decied to upgrade the version of spring-integration .

Prior version : 5.0.6.RELEASE

New version : 5.2.4.RELEASE

Rabbit mq headers in previous version

I am using Jib to pull a base image, add my wrapper java code to it, and build my image on top of that. Due to the widely known log4j CVE in December 2021, we are looking for a way to remove the vulnerable classes. (Now more CVEs are found in 2022, one of them has a score of 10.0, the highest possible. See https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-37215/Apache-Log4j.html)

The base image is near EOL, so the provider answered that they would not release a new version; besides, log4j 1.x also reached EOL long before. But the current situation is that we have no plan of upgrading the base image to next version, so removing the classes seem to be the only way now.

The base image will use /opt/amq/bin/launch.sh as entrypoint. And I have found that I can use customized entrypoint to run a script before that, which removes the classes. Like /opt/amq/bin/my_script.sh, and in that I have run_fix.sh && /opt/amq/bin/launch.sh.

Then I realized that even this would work by mitigating the risk when the application is actually running, the vulnerability scan(part of security process) will still raise alarms while examining the image binary, as this is a static process done before the image is uploaded to the docker registry for production, way before actually running it. They can only be removed at the moment when the application runs, aka at runtime.

Can jib pre-process the base image while doing Maven build(mvn clean install -Pdocker-build) instead of only allowing it at runtime? According to what I have read, I understand it's a big NO, and there's no plugin for it yet.

I have ActiveMQ Artemis 2.8.1 running and get the following error when I try to connect to it using a Spring Boot application over SSL.

I'm using ActiveMQ Artemis 2.16.0 and the management console is based on Hawtio. I've successfully integrated it with Keycloak (OpenID Connect) using this instructions. Now I've upgraded to ActiveMQ Artemis 2.17.0 and it stop working. Hawtio version seems the same:

I am just trying to post incoming payload to rabbitmq by using messageStore in WSO2 EI 6.6.0.

API-Code: